Countries

Security checks across malware telemetry and agentic risk

Overview

This is a low-impact country lookup skill with disclosed public API use and minor privacy and installation caveats.

Install this only if you are comfortable with public country lookup queries being sent to restcountries.com. Verify the external GitHub repository before cloning or symlinking the CLI, and avoid passing sensitive or private text as country search input.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 91% confidence
Finding: The README states that the skill uses the REST Countries API but does not clearly warn users that their queries are transmitted to a third-party service. This can create a privacy and data-handling transparency issue, especially if users input sensitive locations, names, or other contextual information they do not realize will leave the local environment.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal